Jump to content

rootrepeal report


Recommended Posts

hiya, scanned my lappy looking for the root thingy thats stopping malwarebytes from working, but my report looks nothing like the example, can someone identify which one i need to delete, thanks in advance

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/18 12:32

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\HIBERFIL.SYS

Status: Locked to the Windows API!

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\thumbnails

Status: Allocation size mismatch (API: 1114112, Raw: 262144)

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\history index 2010-09

Status: Allocation size mismatch (API: 1114112, Raw: 262144)

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\history-journal

Status: Allocation size mismatch (API: 1081344, Raw: 65536)

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\current session

Status: Allocation size mismatch (API: 1081344, Raw: 131072)

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\history index 2010-09-journal

Status: Allocation size mismatch (API: 1081344, Raw: 98304)

Path: C:\Documents and Settings\martin pain\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal

Status: Invisible to the Windows API!

Path: c:\documents and settings\martin pain\local settings\application data\google\chrome\user data\default\cache\data_1

Status: Size mismatch (API: 532480, Raw: 270336)

Path: C:\Documents and Settings\martin pain\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\F_000039

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\martin pain\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003a

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\martin pain\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00003b

Status: Visible to the Windows API, but not on disk.

==EOF==

Link to post
Share on other sites

Hi,

Your RootRepeal log is clean. I suggest we take a closer look:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

managed to get it going in safe mode,, here is the report.

ComboFix 10-09-20.02 - martin pain 20/09/2010 23:34:03.1.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.690 [GMT 1:00]

Running from: c:\documents and settings\martin pain\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\system

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\pcmcia.sys was found and disinfected

Restored copy from - Kitty had a snack ;)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

2010-09-18 11:19 . 2010-09-18 11:19 0 ----a-w- c:\documents and settings\martin pain\settings.dat

2010-09-18 08:51 . 2010-09-18 08:51 -------- d-----w- c:\documents and settings\lisa pain\Application Data\Malwarebytes

2010-09-18 08:47 . 2010-09-18 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-18 08:31 . 2010-09-18 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-09-18 07:50 . 2010-09-18 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-17 17:00 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-17 17:00 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-17 17:00 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-17 17:00 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-17 17:00 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-17 17:00 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-17 17:00 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-09-17 17:00 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-17 17:00 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-17 16:42 . 2010-09-17 16:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\documents and settings\martin pain\Local Settings\Application Data\Temp

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\program files\Google

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\documents and settings\martin pain\Local Settings\Application Data\Google

2010-09-17 16:36 . 2010-09-17 16:36 -------- d-----w- c:\program files\Alwil Software

2010-09-17 16:36 . 2010-09-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-09-16 18:56 . 2010-09-16 18:56 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-02 09:44 . 2010-09-02 09:44 -------- d-----w- c:\program files\Ask.com

2010-08-29 07:38 . 2010-09-20 22:39 12 ----a-w- c:\windows\bthservsdp.dat

2010-08-27 08:17 . 2010-08-27 08:17 -------- d-----w- c:\documents and settings\lisa pain\Application Data\Radialpoint

2010-08-26 19:35 . 2010-08-26 19:35 -------- d-----w- c:\documents and settings\martin pain\Application Data\Radialpoint

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 12:42 . 2010-08-15 17:56 1 ----a-w- c:\documents and settings\martin pain\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-16 19:22 . 2010-07-10 12:36 43168 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-17 13:17 . 2004-08-10 19:00 58880 ----a-w- c:\windows\system32\SPOOLSV.EXE

2010-08-16 16:18 . 2008-04-13 18:44 45344 ----a-w- c:\documents and settings\martin pain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-15 19:27 . 2008-04-24 08:40 45344 ----a-w- c:\documents and settings\lisa pain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-15 17:55 . 2010-08-15 17:55 -------- d-----w- c:\documents and settings\martin pain\Application Data\OpenOffice.org

2010-08-15 17:54 . 2010-08-15 17:54 -------- d-----w- c:\program files\JRE

2010-08-15 17:53 . 2010-08-15 17:53 -------- d-----w- c:\program files\OpenOffice.org 3

2010-08-10 13:09 . 2010-08-10 13:09 61440 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2f0a05-n\decora-sse.dll

2010-08-10 13:09 . 2010-08-10 13:09 503808 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\msvcp71.dll

2010-08-10 13:09 . 2010-08-10 13:09 499712 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\jmc.dll

2010-08-10 13:09 . 2010-08-10 13:09 348160 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\msvcr71.dll

2010-08-10 13:09 . 2010-08-10 13:09 12800 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2f0a05-n\decora-d3d.dll

2010-08-05 20:16 . 2010-08-05 20:16 61440 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bffbbe4-n\decora-sse.dll

2010-08-05 20:16 . 2010-08-05 20:16 503808 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\msvcp71.dll

2010-08-05 20:16 . 2010-08-05 20:16 499712 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\jmc.dll

2010-08-05 20:16 . 2010-08-05 20:16 348160 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\msvcr71.dll

2010-08-05 20:16 . 2010-08-05 20:16 12800 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bffbbe4-n\decora-d3d.dll

2010-08-03 13:41 . 2010-03-06 20:48 46 ----a-w- c:\documents and settings\lisa pain\jagex_runescape_preferences.dat

2010-08-03 13:41 . 2010-03-06 20:49 99 ----a-w- c:\documents and settings\lisa pain\jagex_runescape_preferences2.dat

2010-08-03 13:39 . 2010-08-03 13:39 0 ----a-w- c:\documents and settings\lisa pain\jagex__preferences3.dat

2010-08-01 17:31 . 2010-08-01 17:31 -------- d-----w- c:\program files\iPod

2010-08-01 17:25 . 2010-08-01 17:25 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-01 17:24 . 2010-08-01 17:24 -------- d-----w- c:\program files\Safari

2010-08-01 17:20 . 2010-08-01 17:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-07-22 15:49 . 2004-08-10 19:00 590848 ----a-w- c:\windows\system32\RPCRT4.DLL

2010-07-22 15:49 . 2004-08-10 19:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(2).dll

2010-07-22 05:57 . 2009-04-16 19:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 04:00 . 2010-08-15 17:53 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\documents and settings\martin pain\Application Data\Virgin Media\Digital Home Support\downloads\VirginDetectionScriptsBundle.18467.zip.dir\tools\NetworkFinder.signed.exe

2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\documents and settings\lisa pain\Application Data\Virgin Media\Digital Home Support\downloads\VirginDetectionScriptsBundle.6334.zip.dir\tools\NetworkFinder.signed.exe

2010-06-30 12:31 . 2004-08-10 19:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-10 19:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-05-17 07:18 . 2009-08-24 08:45 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-05-17 07:18 . 2009-08-24 08:45 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\martin pain\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/09/2010 18:00 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/09/2010 18:00 17744]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS

.

Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.virginmedia.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab

FF - ProfilePath - c:\documents and settings\martin pain\Application Data\Mozilla\Firefox\Profiles\ncm338o2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-20 23:40

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7956)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\MSNChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\MSVCR71.dll

c:\acer\Empowering Technology\ePower\SysHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\acer\Empowering Technology\admServ.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\rundll32.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\docume~1\MARTIN~1\LOCALS~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2010-09-20 23:44:08 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-20 22:44

Pre-Run: 13,107,167,232 bytes free

Post-Run: 13,222,445,056 bytes free

- - End Of File - - ECE64ABE716F39A00809EE1984D6CE4B

Link to post
Share on other sites

managed to run another scan in normal mode, report as follows.

ComboFix 10-09-20.02 - martin pain 20/09/2010 23:49:55.2.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.430 [GMT 1:00]

Running from: c:\documents and settings\martin pain\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

2010-09-18 11:19 . 2010-09-18 11:19 0 ----a-w- c:\documents and settings\martin pain\settings.dat

2010-09-18 08:51 . 2010-09-18 08:51 -------- d-----w- c:\documents and settings\lisa pain\Application Data\Malwarebytes

2010-09-18 08:47 . 2010-09-18 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-18 08:31 . 2010-09-18 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-09-18 07:50 . 2010-09-18 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-09-17 17:00 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-17 17:00 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-17 17:00 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-17 17:00 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-17 17:00 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-17 17:00 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-17 17:00 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-09-17 17:00 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-17 17:00 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-17 16:42 . 2010-09-17 16:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\documents and settings\martin pain\Local Settings\Application Data\Temp

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\program files\Google

2010-09-17 16:37 . 2010-09-17 16:37 -------- d-----w- c:\documents and settings\martin pain\Local Settings\Application Data\Google

2010-09-17 16:36 . 2010-09-17 16:36 -------- d-----w- c:\program files\Alwil Software

2010-09-17 16:36 . 2010-09-17 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-09-16 18:56 . 2010-09-16 18:56 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-02 09:44 . 2010-09-02 09:44 -------- d-----w- c:\program files\Ask.com

2010-08-29 07:38 . 2010-09-20 22:39 12 ----a-w- c:\windows\bthservsdp.dat

2010-08-27 08:17 . 2010-08-27 08:17 -------- d-----w- c:\documents and settings\lisa pain\Application Data\Radialpoint

2010-08-26 19:35 . 2010-08-26 19:35 -------- d-----w- c:\documents and settings\martin pain\Application Data\Radialpoint

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 12:42 . 2010-08-15 17:56 1 ----a-w- c:\documents and settings\martin pain\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-16 19:22 . 2010-07-10 12:36 43168 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-17 13:17 . 2004-08-10 19:00 58880 ----a-w- c:\windows\system32\SPOOLSV.EXE

2010-08-16 16:18 . 2008-04-13 18:44 45344 ----a-w- c:\documents and settings\martin pain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-15 19:27 . 2008-04-24 08:40 45344 ----a-w- c:\documents and settings\lisa pain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-15 17:55 . 2010-08-15 17:55 -------- d-----w- c:\documents and settings\martin pain\Application Data\OpenOffice.org

2010-08-15 17:54 . 2010-08-15 17:54 -------- d-----w- c:\program files\JRE

2010-08-15 17:53 . 2010-08-15 17:53 -------- d-----w- c:\program files\OpenOffice.org 3

2010-08-10 13:09 . 2010-08-10 13:09 61440 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2f0a05-n\decora-sse.dll

2010-08-10 13:09 . 2010-08-10 13:09 503808 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\msvcp71.dll

2010-08-10 13:09 . 2010-08-10 13:09 499712 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\jmc.dll

2010-08-10 13:09 . 2010-08-10 13:09 348160 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1770c867-n\msvcr71.dll

2010-08-10 13:09 . 2010-08-10 13:09 12800 ----a-w- c:\documents and settings\lisa pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a2f0a05-n\decora-d3d.dll

2010-08-05 20:16 . 2010-08-05 20:16 61440 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bffbbe4-n\decora-sse.dll

2010-08-05 20:16 . 2010-08-05 20:16 503808 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\msvcp71.dll

2010-08-05 20:16 . 2010-08-05 20:16 499712 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\jmc.dll

2010-08-05 20:16 . 2010-08-05 20:16 348160 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-358e4a55-n\msvcr71.dll

2010-08-05 20:16 . 2010-08-05 20:16 12800 ----a-w- c:\documents and settings\martin pain\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bffbbe4-n\decora-d3d.dll

2010-08-03 13:41 . 2010-03-06 20:48 46 ----a-w- c:\documents and settings\lisa pain\jagex_runescape_preferences.dat

2010-08-03 13:41 . 2010-03-06 20:49 99 ----a-w- c:\documents and settings\lisa pain\jagex_runescape_preferences2.dat

2010-08-03 13:39 . 2010-08-03 13:39 0 ----a-w- c:\documents and settings\lisa pain\jagex__preferences3.dat

2010-08-01 17:31 . 2010-08-01 17:31 -------- d-----w- c:\program files\iPod

2010-08-01 17:25 . 2010-08-01 17:25 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-01 17:24 . 2010-08-01 17:24 -------- d-----w- c:\program files\Safari

2010-08-01 17:20 . 2010-08-01 17:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-07-22 15:49 . 2004-08-10 19:00 590848 ----a-w- c:\windows\system32\RPCRT4.DLL

2010-07-22 15:49 . 2004-08-10 19:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(2).dll

2010-07-22 05:57 . 2009-04-16 19:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-17 04:00 . 2010-08-15 17:53 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\documents and settings\martin pain\Application Data\Virgin Media\Digital Home Support\downloads\VirginDetectionScriptsBundle.18467.zip.dir\tools\NetworkFinder.signed.exe

2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\documents and settings\lisa pain\Application Data\Virgin Media\Digital Home Support\downloads\VirginDetectionScriptsBundle.6334.zip.dir\tools\NetworkFinder.signed.exe

2010-06-30 12:31 . 2004-08-10 19:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2006-01-09 10:02 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-10 19:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-05-17 07:18 . 2009-08-24 08:45 32 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-05-17 07:18 . 2009-08-24 08:45 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]

"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]

"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 14:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\martin pain\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/09/2010 18:00 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/09/2010 18:00 17744]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12:20 1097728]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS

.

Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.virginmedia.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab

FF - ProfilePath - c:\documents and settings\martin pain\Application Data\Mozilla\Firefox\Profiles\ncm338o2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-20 23:53

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8080)

c:\windows\system32\WININET.dll

c:\windows\system32\MSNChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\MSVCR71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-09-20 23:55:13

ComboFix-quarantined-files.txt 2010-09-20 22:55

ComboFix2.txt 2010-09-20 22:44

Pre-Run: 13,215,662,080 bytes free

Post-Run: 13,197,443,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B1A0A172AC33A1AA1A8BA20FE92FC380

Link to post
Share on other sites

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.